diff options
| author | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-10-08 13:45:08 +0000 |
|---|---|---|
| committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-10-08 13:45:08 +0000 |
| commit | 9d34941961856b21028cb4a838a1218a8edf332b (patch) | |
| tree | ff607eea0ac36d3b613354644730fb3d77553a3b | |
| parent | f673b89cd43dc3fe12a443558e82318ed03fb6ef (diff) | |
| download | aports-9d34941961856b21028cb4a838a1218a8edf332b.tar.bz2 aports-9d34941961856b21028cb4a838a1218a8edf332b.tar.xz | |
main/libexif: security fix (CVE-2017-7544)
Fixes #9521
| -rw-r--r-- | main/libexif/APKBUILD | 13 | ||||
| -rw-r--r-- | main/libexif/CVE-2017-7544.patch | 20 |
2 files changed, 30 insertions, 3 deletions
diff --git a/main/libexif/APKBUILD b/main/libexif/APKBUILD index 076ff2a97b..db6884eb2b 100644 --- a/main/libexif/APKBUILD +++ b/main/libexif/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libexif pkgver=0.6.21 -pkgrel=2 +pkgrel=3 pkgdesc="A library to parse an EXIF file and read the data from those tags" url="https://sourceforge.net/projects/libexif" arch="all" @@ -9,7 +9,13 @@ license="LGPL-2.0+" subpackages="$pkgname-dev $pkgname-doc" depends= makedepends= -source="https://downloads.sf.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2" +source="https://downloads.sf.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2 + CVE-2017-7544.patch + " + +# secfixes +# 0.6.21-r3: +# - CVE-2017-7544 prepare() { cd "$builddir" @@ -35,4 +41,5 @@ package() { cd "$builddir" make DESTDIR="$pkgdir" install } -sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 libexif-0.6.21.tar.bz2" +sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 libexif-0.6.21.tar.bz2 +5475c9e0f4a05448a571077d24d545cfaa0a7b15978345e92440107770077158b994fc0c785a81bb95ad6b409929c4c516c6e002cd65c9d35eb0e91161750e48 CVE-2017-7544.patch" diff --git a/main/libexif/CVE-2017-7544.patch b/main/libexif/CVE-2017-7544.patch new file mode 100644 index 0000000000..b8825e1385 --- /dev/null +++ b/main/libexif/CVE-2017-7544.patch @@ -0,0 +1,20 @@ +Index: libexif/exif-data.c +=================================================================== +RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v +retrieving revision 1.131 +diff -u -r1.131 exif-data.c +--- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131 ++++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000 +@@ -255,6 +255,12 @@ + exif_mnote_data_set_offset (data->priv->md, *ds - 6); + exif_mnote_data_save (data->priv->md, &e->data, &e->size); + e->components = e->size; ++ if (exif_format_get_size (e->format) != 1) { ++ /* e->format is taken from input code, ++ * but we need to make sure it is a 1 byte ++ * entity due to the multiplication below. */ ++ e->format = EXIF_FORMAT_UNDEFINED; ++ } + } + } + |